diff --git a/ghidra_plugin/cwe_checker_ghidra_plugin.py b/ghidra_plugin/cwe_checker_ghidra_plugin.py index 6ff4ea57c..a6476b354 100644 --- a/ghidra_plugin/cwe_checker_ghidra_plugin.py +++ b/ghidra_plugin/cwe_checker_ghidra_plugin.py @@ -28,11 +28,11 @@ def comment_cwe_eol(ghidra_address, text): def comment_cwe_pre(ghidra_address, text): - old_comment = getPREComment(ghidra_address) + old_comment = getPreComment(ghidra_address) if old_comment is None: - setPREComment(ghidra_address, text) + setPreComment(ghidra_address, text) elif text not in old_comment: - setPREComment(ghidra_address, old_comment + '\n' + text) + setPreComment(ghidra_address, old_comment + '\n' + text) def get_cwe_checker_output(): @@ -43,8 +43,14 @@ def get_cwe_checker_output(): def compute_ghidra_address(address_string): fixed_address_string = address_string.replace(':32u', '').replace(':64u', '') - address = int(fixed_address_string, 16) - return currentProgram.minAddress.add(address) + address_int = int(fixed_address_string, 16) + # Ghidra sometimes adds an offset to all addresses. + # Unfortunately, I havent't found a way to reliably detect this yet. + # Instead we detect the obvious case and hope that it works in most cases. + if address_int < currentProgram.getMinAddress().getOffset(): + return currentProgram.getMinAddress().add(address_int) + else: + return currentProgram.getAddressFactory().getAddress(fixed_address_string) def main(): @@ -57,7 +63,7 @@ def main(): for warning in warnings: if len(warning['addresses']) == 0: cwe_text = '[' + warning['name'] + '] ' + warning['description'] - ghidra_address = currentProgram.minAddress.add(0) + ghidra_address = currentProgram.getMinAddress().add(0) bookmark_cwe(ghidra_address, cwe_text) comment_cwe_pre(ghidra_address, cwe_text) else: diff --git a/src/checkers/cwe_248.ml b/src/checkers/cwe_248.ml index cd1b7a2c6..a6b5213c0 100644 --- a/src/checkers/cwe_248.ml +++ b/src/checkers/cwe_248.ml 
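Review bot: In compute_ghidra_address, the new else branch returns the result of `currentProgram.getAddressFactory().getAddress(fixed_address_string)` unchecked; that call yields null (None in Jython) when the string does not parse, and neither branch confirms the address lies in loaded memory. The result is presumably handed to bookmark_cwe and comment_cwe_pre as in the visible part of main(), so a wrong guess by the offset heuristic either raises mid-run or silently pins a CWE warning on the wrong location, which misleads whoever triages the findings. I would bind the result to a local and add a guard such as `if addr is None or not currentProgram.getMemory().contains(addr): return None`, with main() skipping or logging those warnings; main's loop body continues outside the hunk, so the exact skip site needs checking. If the offset being compensated for is the image base, `currentProgram.getImageBase()` may express the intent more directly than `getMinAddress()`, which is worth confirming. The added comment also contains the typo `havent't`.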
@@ -9,9 +9,9 @@ let version = "0.1" let print_uncatched_exception block_tid ~tid_map = let address = (Address_translation.translate_tid_to_assembler_address_string block_tid tid_map) in let description = sprintf "(Possibly Uncaught Exception) (Exception thrown at %s)." address in - let cwe_warning = cwe_warning_factory name version description in + let cwe_warning = cwe_warning_factory name version description ~addresses:[address] in collect_cwe_warning cwe_warning - + (* Extract the name of a direct call, if the block contains a direct call. *) let extract_direct_call_symbol block = match Symbol_utils.extract_direct_call_tid_from_block block with diff --git a/test/acceptance/test_file_output.py b/test/acceptance/test_file_output.py index 57b51c5b4..8fb1645b9 100644 --- a/test/acceptance/test_file_output.py +++ b/test/acceptance/test_file_output.py @@ -7,7 +7,7 @@ class TestFileOutput(unittest.TestCase): def setUp(self): self.res_file = '/tmp/res.json' - self.cmd = 'bap test/artificial_samples/build/cwe_190_x64.out --pass=cwe-checker --cwe-checker-config=src/config.json --cwe-checker-json --cwe-checker-out=%s' % self.res_file + self.cmd = 'bap test/artificial_samples/build/cwe_190_x64_gcc.out --pass=cwe-checker --cwe-checker-config=src/config.json --cwe-checker-json --cwe-checker-out=%s' % self.res_file def test_can_output_file(self): if 'travis' in os.environ['USER']:
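Review bot: The string passed as `~addresses:[address]` in print_uncatched_exception is the same one formatted into the description, and nothing in this hunk checks that it is a parseable address. `Address_translation.translate_tid_to_assembler_address_string` is not visible here; if it can return a placeholder for a tid missing from `tid_map`, that placeholder now lands in the warning's `addresses` list, where the Ghidra plugin changed in this commit passes it to `int(fixed_address_string, 16)` and would raise. Consider passing `~addresses:[]` in that case, or stating the guarantee with a comment such as `(* address is always a hex address string; consumers parse it *)`.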